What ports and protocols to close on a Windows server?

D

Dmitry Shumov2018-07-23 18:00:56

Computer networks

Dmitry Shumov, 2018-07-23 18:00:56

Good afternoon! There is such a practice, to ensure the security of the server, to close unnecessary ports and protocols, leaving only the necessary ones to work. Are there any recommendations, lists of ports and protocols for server roles that servers need to work.
It turned out chaotically, if anything, I can clarify the question, if it is not clear.
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

F

FeNUMe, 2018-07-23
@FeNUMe

Close everything, open only used ones.

S

Sergey, 2018-07-23
@SuNbka

The Wiki has a large table with the number, protocol and description.
The speaker above said everything correctly,
Rules in this order:
- all permissive rules (if possible, indicating from [IP address] to whom or to whom);
- prohibition rule for everything and everyone.

D

Dmitry Shumov, 2018-07-24
@dshumov

Firewall, this is understandable - I used it. And the table in the Wiki is also understandable. I want to close based on switch/switch. Those. I understand correctly, you need to close everything, and then, based on the table, open only what you need? But for sure, there is some kind of list of the minimum required ports for a windows server, from which to build. It is easier to open the minimum necessary, and then add as needed. Here is a list that will be minimally sufficient for a windows server in a domain:
53/TCP,UDP DOMAIN (Domain Name System)
67, 68/UDP
and open ports for the heap from this table
or is it redundant or not enough?